Implementing the SANS 20 Critical Security Controls

Federal government agencies are under immense pressure to improve cybersecurity performance by focusing on compliance and risk management initiatives.

These agencies have begun using the SANS 20 Critical Security Controls (CSC) because it provides a framework for implementing continuous diagnostics and mitigation (CDM), sequence IT control implementations, and understand budgets and impacts of these implementations.

In light of these challenges, Tripwire will be hosting a free web seminar on implementing the SANS 20 Critical Security Controls (20 CSC) which will cover recent changes in the oversight of the 20 CSC, and how they will affect cybersecurity in the public and private sectors.

Jane Lute

Join Jane Lute, former deputy secretary of Department of Homeland Security (DHS), and Rod Murchison, vice president of product management for Tripwire, for this informative webinar.

Lute is currently President and CEO of the Council on Cybersecurity, a newly formed nonprofit focused on accelerating the widespread adoption of effective control measures to achieve and sustain cybersecurity. Murchison is an accomplished security strategist and the holder of several network security patents.

The webinar, titled “Cybersecurity Awareness and the 20 CSC,” will discuss:

The Council on Cybersecurity’s plans to update and improve 20 CSC to ease adoption

Profiles of the current ‘threat actors’ and how the 20 CSC can help thwart the most common threats

What public and private sector organizations can gain from upcoming Council on Cybersecurity events

Webinar Details:

Date: Thursday, September 12, 2013

Time: 10:00 AM Pacific/1:00 Eastern

Duration: One Hour

The 20 CSC was developed by the National Security Agency (NSA) to provide guidance that would efficiently direct resources to combat the most common network vulnerabilities and reduce the greatest number of attack vectors.

Although the initiative was originally classified, access to this security control-prioritization strategy was eventually extended to other government entities as well as administrators of critical infrastructure.

As the 20 CSC controls developed into best practices, they were made available to a wider variety of stakeholders charged with protecting sensitive data and systems. The standards, which have a strong emphasis on automation, offer a prioritized list of controls that have the greatest impact on improving security posture against real-world threats.